Modern Management Summit 2026

This session will provide a comprehensive introduction to table-top cybersecurity exercises, focusing on their importance, design, and execution. Participants will gain insights into the benefits of conducting table-top exercises, including improved incident response readiness, enhanced communication and coordination among stakeholders, and identification of gaps in policies and procedures. Practical guidance will be provided on structuring exercises to align with organizational objectives, selecting relevant scenarios, and engaging participants effectively.

Curious about how to build a rock-solid Privileged Access Workstation (PAW) that meets today’s toughest security demands? Join us for a deep dive into the why, what, and how of PAWs - from hardened Windows configurations and ACfB to secure provisioning, network isolation, and seamless Intune management. We’ll demystify concepts like browse-up/browse-down, explore the quirks of hardware tokens, and explain why a separate Entra tenant might be your best friend. Whether you're starting from scratch or refining your setup, this session will arm you with practical insights to elevate your security posture.

Our examples will focus on the ETSI TS 103 994-1 for conforming to UK TSA regulation but the concepts are universal for virtually any sector requiring a PAW.

When companies are affected by a breach, usually they contact an Incident Response provider to get help eradicating the threat actor from their environment.

This procedure generally speaking takes place when all computers and servers are encrypted and the only thing that matters is the RTO and RPO.

This session however, will look at one case where the threat actor was unable to execute their end goal.

Join this session to learn a number of hardening settings you must have in place, tips and tricks on monitoring, and last but not least the importance of end user awareness.

From a historical perspective in the scope of compromising Identitoes. we have a few waves of innovations the last 10 years. We moved from username / password to MFA. Last two years, with the adversary in the middle attacks, we need to move to more secure MFA, phishing resistant MFA. But what's next ? Think about stealing tokens from your device and reuse that on other systems.

The topic of Privileged Access Workstations (PAW) is hot again. But, many companies struggle to understand exactly what it means, how it will affect operations, and why to bother in the first place.

This session aims to remedy that, with a dive into theoretical practices regarding PAWs, and of course, live demoes of how they work with each other, and the intended administrative interfaces.

Buckle up, and get ready to gain insights into Administrative Tiering as a concept, the roles of PAWs, and how to implement them in your environment.

Security teams are often overwhelmed by large numbers of security recommendations in Defender, many labeled as high or critical. The real challenge is not finding risks, but deciding which ones truly matter first. This session shows how a tier-based risk analysis model can bring clarity and focus to security prioritization.

We introduce a practical approach that combines security impact and real-world consequences into a custom risk score, which is then translated into clear priority tiers (Tier 0–3). These tiers make it easier to understand urgency, align actions across teams, and focus remediation efforts where they have the highest effect.

In this session, you will learn:
* Why traditional severity ratings fail to support effective prioritization
* How to calculate risk based on impact and consequence, not just likelihood
* How Tier 0–3 prioritization simplifies decision-making and remediation planning
* How tiering helps align security priorities with business-critical assets

By the end of the session, you will understand how tier-based risk analysis reduces noise, improves consistency, and enables security teams to act faster and more confidently on the recommendations that matter most.

In this session we will show you everything you need to know when building custom detections in Microsoft 365 Defender. We will also walk you through several practical use cases everyone should have in their environment.

We all read about scary 0-day exploit or CVE popping up every now and then forcing us to take action.

However, did you know that most actors use Windows, to attack Windows? Meaning the built in tools and features allowing for Living Of the Land (LOL) and their binaries (Bins). This session will showcase that an environment, protected by using EDR is still susceptible ti these types of attacks, even in Windows 11 and in the year 2026.

In this session we will walk you through the most common threat vectors threat actors use to exploit on client devices. The session will be a mix of practical tips and demos of how to mitigate relevant threat vectors.

Application Control for Business (ACfB) is one of the most powerful security layers in Windows, but implementing it at scale is far from trivial. In this deep dive, we’ll go beyond the basics and dissect the ACfB policy structure, explore common pitfalls (think app GUID mismatches, XML syntax quirks, and supplemental policy chaos), and uncover why the “simple” act of signing your policies can completely derail your deployment strategy.

We’ll walk through the end-to-end signing process, with special focus on Azure Trusted Signing Services, how it works, what to trust, and how to integrate it into automated pipelines without breaking your rollout. All of this will be framed in the context of Privileged Access Workstations (PAWs), but the principles apply equally to broader enterprise scenarios. We’ll also show how to scale up or peel back security layers for less restrictive environments while maintaining operational efficiency.
Expect real-world lessons, live demos, and battle-tested best practices that will help you avoid costly mistakes and build a robust ACfB implementation strategy.